Active forum topics

Faulty M$ Update Rekindles Patch Quality Concerns

For Microsoft, delivering high-quality security patches in a timely manner has always been a lose-lose predicament.

If patches for major software vulnerabilities take too long, customers are at the mercy of zero-day threats. When patches are rushed out without proper quality assurance testing, they invariably become a system administrator's worst nightmare.

Earlier this week, when Microsoft Corp. announced plans to re-release a "critical" bulletin because of patch quality problems, the move triggered a new round of eye-rolling among security research pros.

The bulletin, MS05-019, first released in April, contains patches that have caused major connectivity problems for network administrators.

The connectivity errors range from the inability of Exchange servers to talk to their domain controllers; failure of domain controller replication across WAN (wide area network) links; and inability to connect to terminal servers or to file share access.

A knowledge base article has been posted to highlight the problems, and hotfixes have been offered to provide temporary respite, but despite Microsoft's insistence that the problems affect only a small number of customers, security experts said the re-release of a high-severity bulletin points to a weakness in Microsoft's patch creation process.

"A hotfix for a patch? I hope it works properly, or what's next? A hotmend for the hotfix for the patch?" asked Corey Nachreiner, a network security analyst at WatchGuard Technologies Inc.

In an interview with Ziff Davis Internet News, Nachreiner said some of his company's clients have complained that the patches have broken VPN connections, a problem he described as "a big deal" for the SMB (small and medium-sized business) market segment.

Because the patch is rated critical by Microsoft, Nachreiner said he cannot recommend uninstalling the patch.

"It means that a lot of customers are scrambling to get hotfixes to keep their systems connected."

Officials at Microsoft insisted the company is doing "far more for this one than necessary" to help ensure every customer has the most recent changes to the update.

More in Tux Machines

Leftovers: Gaming

Middle-Earth: Shadow of Mordor was by far one of the best games of 2014. With great combat, abilities, and a really interesting Nemesis system, I was really surprised by what I was expecting to be a pretty generic Batman: Arkham Mordor rip-off.

Evoland developers Shiro Games recently announced the release date for the anticipated sequel, and though there's no firm release date for Linux yet, it shouldn't be far behind the Windows release. If you didn't catch the great looking trailer when we last wrote about Evoland 2, here it is again for you to enjoy:

Codename CURE is a reasonable well rated first-person shooter on Steam, and it has been updated to include a Linux version.
The game is free to play, so you lose nothing by trying it. It has quite lot of positive reviews going for it too, if you trust user reviews.

It's not often I get over excited about a game, and I'm not entirely sure how this flew under my radar, but Shallow Space looks seriously good. You can pre-order now for $15 which will give you access to early builds when they are available. We never recommend pre-ordering, but this looks like it could be a safe bet since it already has Linux builds available.

KDE and Akademy

At this year’s KDE conference Akademy, I was working on a small plasmoid to continuously track the disk quota.
The disk quota is usually used in enterprise installations where network shares are mounted locally. Typically, sysadmins want to avoid that users copy lots of data into their folders, and therefor set quotas (the quota limit has nothing to do with the physical size of a partition). Typically, once a user gets over the hard limit of the quota, the account is blocked and the user cannot login anymore. This happens from time to time, since the users are not really aware of the current quota limit and the already used disk space.

A few days ago, fellow Qt/KDE team member Lisandro gave an update on the situation with migration to Plasma 5 in Debian Testing (AKA Stretch). It’s changed again. All of Plasma 5 is now in Testing. The upgrade probably won’t be entirely smooth, which we’ll work on that after the gcc5 transition is done, but it will be much better than the half KDE4 SC half Kf5/Plasma 5 situation we’ve had for the last several days.

Red Hat and Fedora

Open source users flock to Red Hat for enterprise support, but not all subscribers like the way the company handles IT issues.
The company recently launched an updated support service. User experience is important to Red Hat Inc., and it dedicated its day-three keynote at the Red Hat Summit last month to its support.

Several research firms have weighed in on RHT. Northland Securities reissued a “buy” rating and set a $92.00 target price (up from $85.00) on shares of Red Hat in a report on Thursday, June 25th. Northland Capital Partners upped their price objective on Red Hat from $85.00 to $92.00 in a report on Thursday, June 25th. Cantor Fitzgerald reiterated a “buy” rating on shares of Red Hat in a research report on Friday, June 26th. Deutsche Bank restated a “hold” rating and set a $75.00 price objective (up from $70.00) on shares of Red Hat in a research report on Thursday, July 2nd. Finally, JPMorgan Chase & Co. reaffirmed an “overweight” rating and issued a $85.00 target price (up previously from $82.00) on shares of Red Hat in a report on Thursday, July 2nd.

So the schedule for Flock is finally fixed and I have to update some things according to my last post. First the practical part of the Wallpaper Hunt is scheduled now for Friday now instead of Satruday. Addionally I will help Máirín Duffy on Saturday morning with the Inkscape and GIMP Bootcamp, guess which part I will do.

Few days back I wrote about a locally built Fedora 22 image which has systemd-networkd handling the network configuration. You can test that image locally on your system, or on an Openstack Cloud. In case you want to test the same on AWS, we now have two AMI(s) for the same, one in the us-west-1, and the other in ap-southeast-1. Details about the AMI(s) are below:

Leftovers: Debian

Hi all,
I just looked back on the Halloween Documents, specifically
http://www.catb.org/esr/halloween/halloween1.html . Here are two quotes
I find both interesting and timely:
* Linux can win as long as services / protocols are commodities.
* OSS projects have been able to gain a foothold in many server
applications because of the wide utility of highly commoditized,
simple protocols. By extending these protocols and developing new
protocols, we can deny OSS projects entry into the market.
So next time one of the new breed calls you a neckbeard for helping
build a distro with simple protocols and services, show him
http://www.catb.org/esr/halloween/halloween1.html . And try not to
laugh when the whole thing goes right over his head.

VLANd is a python program intended to make it easy to manage port-based VLAN setups across multiple switches in a network. It is designed to be vendor-agnostic, with a clean pluggable driver API to allow for a wide range of different switches to be controlled together.

Latest News

Leftovers: Software

All the *mm projects now require C++11. Current versions of g++ require you to use the –std=c++11 option for this, but the next version will probably use C++11 by default. We might have done this sooner if it had been clearer that g++ (and libstdc++) really really supported C++11 fully.

I have just released version 1.13 of Obnam, my backup program. See the website at http://obnam.org for details on what it does. The new version is available from git (see http://git.liw.fi) and as Debian packages from http://code.liw.fi/debian, and uploaded to Debian, and soon in unstable.

MusicTube is a very interesting music player designed for multiple platforms using YouTube as the music source. It's not made for locally hosted music, and you can't add other online sources, but YouTube is a huge resource.

today's leftovers

Most of our services are in Go, and thanks to the fact that compiled Go binaries are mostly-statically linked by default, it’s possible to create containers with very few files within. It’s surely possible to use these techniques to create tighter containers for other languages that need more runtime support, but for this post I’m only focusing on Go apps.

Enabling Multipath TCP on the smartphone is the first step in deploying it. However, this is not sufficient since there are very few servers that support Multipath TCP today. To enable their users to benefit from Multipath TCP for all the applications that they use, KT has opted for a SOCKSv5 proxy. This proxy is running on x86 servers using release 0.89.5 of the open-source Multipath TCP implementation in the Linux kernel. During the presentation, SungHoon Seo mentioned that despite the recent rollout of the service, there were already 5,500 active users on the SOCKS proxy the last time he checked. Thanks to this proxy, the subscribes of the Giga Path service in Korea can benefit from Multipath TCP with all the TCP-based applications that they use.

On August 1, Artyom Zorin had the great pleasure of announcing the immediate availability for download of the final release of his Zorin OS 10 GNU/Linux operating system, distributed as Core and Ultimate editions, based on Ubuntu 15.04.

I’ve meant to do this for ages, so on my first day of my “staycation”, despite vowing to myself that I wouldn’t look at a computer screen this week (hey, it’s not actually the technical start of my week off is it?), I fiddled this morning with BIND to try and avoid seeing ads on my devices. While AdBlock works great on my browsers, that doesn’t transfer well to mobile devices and apps with built-in advertising, etc.